formbook

General

Target

JaffaCakes118_395812837b0aa6cf4b6a8d3422722949
Size

445KB
Sample

241231-1tvy7stneq
MD5

395812837b0aa6cf4b6a8d3422722949
SHA1

65aeeed97bbd92e2895c7991244579b5f6a466a4
SHA256

798342d87cf72af042f7ba3d59d4c191e46cc7b11da7e618e595911d3b6a8f4b
SHA512

0abf895278479548229544f9d94336088cb8353f2185419de2161bae84700817e190317f2e3ce6ed64e00922b6eb7d4bd27c42c3dc8fa4425900ce88d5786215
SSDEEP

6144:ckfxJlwLX+7szkXV6ufajCf8t00wn90UkKMf2f2LNvNSrhSHGYdSwQiVn7BSE0zF:H0y0mp0t0rnhuvIrUmiv7BSEKw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com

Targets

- Target
  
  JaffaCakes118_395812837b0aa6cf4b6a8d3422722949
- Size
  
  445KB
- MD5
  
  395812837b0aa6cf4b6a8d3422722949
- SHA1
  
  65aeeed97bbd92e2895c7991244579b5f6a466a4
- SHA256
  
  798342d87cf72af042f7ba3d59d4c191e46cc7b11da7e618e595911d3b6a8f4b
- SHA512
  
  0abf895278479548229544f9d94336088cb8353f2185419de2161bae84700817e190317f2e3ce6ed64e00922b6eb7d4bd27c42c3dc8fa4425900ce88d5786215
- SSDEEP
  
  6144:ckfxJlwLX+7szkXV6ufajCf8t00wn90UkKMf2f2LNvNSrhSHGYdSwQiVn7BSE0zF:H0y0mp0t0rnhuvIrUmiv7BSEKw
Score

10^/10

formbook h0gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2